The Department of Defense uses data from contractors' business systems—e.g., accounting or purchasing systems—to guard against fraud, waste, and abuse in DOD contracts. For example, reviewing data from a contractor's accounting system can help keep the contractor from overcharging.
DOD must review contractors' business systems to ensure that the data from them can be used. We've previously found that it was years behind on some of these reviews.
DOD has an ambitious plan to catch up on these reviews in 3 years, but has no way to measure its progress. We recommended that DOD monitor and assess whether it's completing these reviews as planned.
A person with a magnifying glass and a calculator views data on a spreadsheet.
What GAO Found
Since 2011, the Department of Defense (DOD) has implemented several changes to its processes for reviewing contractor business systems—which include systems such as accounting, estimating, and purchasing. Among other changes, DOD
clarified the roles and responsibilities of the Defense Contract Management Agency (DCMA) and the Defense Contract Audit Agency (DCAA)—the two agencies that are responsible for conducting the reviews;
clarified timeframes for business system reviews and established criteria for business systems; and
withheld payments from contractors that were found to have significant deficiencies in their business systems.
DOD does not have a mechanism to monitor and ensure that these reviews are being conducted in a timely manner. For its part, DCAA has conducted few business system audits since 2013, as it focused its efforts on other types of audits. DCAA plans to significantly increase the number of business system audits over the next 4 years, but its success in doing so depends on its ability to shift resources from other audits; to use public accounting firms to conduct other, non-business system audits; and DCAA staff's ability to execute new audit plans in a timely manner.
DCMA relies on the three offices responsible for conducting DCMA-led reviews to manage the reviews, but DCMA does not formally monitor whether these reviews are being conducted consistent with policy nor does it monitor DCAA's efforts to complete the audits for which it is responsible. DCMA is ultimately responsible for approving a contractor's business systems. DCMA currently lacks a mechanism based on relevant and reliable information, such as the number of reviews that are outstanding and the resources available to conduct such reviews, to ensure reviews are being completed in a timely fashion. Such information could help inform more strategic oversight on whether the current review process is achieving its intended results, or whether additional changes to the timing of or criteria for conducting reviews are needed.
Why GAO Did This Study
Contractor business systems produce critical data that contracting officers use to help negotiate and manage defense contracts. These systems and their related internal controls act as important safeguards against fraud, waste, and abuse of federal funding. Federal and defense acquisition regulations and DOD policies require that DOD take steps to review the adequacy of certain business systems, but GAO and other oversight entities have raised questions about the sufficiency and consistency of DOD's review process.
The National Defense Authorization Act for Fiscal Year 2018 contained a provision for GAO to evaluate how DOD implemented legislation intended to improve its business system review process. Among other things, this report examines (1) the changes DOD made to its review process and (2) the extent to which DOD is ensuring timely business system reviews.
GAO analyzed DOD acquisition regulations, policies, and procedures for conducting contractor business system reviews and analyzed data on reviews conducted between fiscal years 2013 and 2018.
GAO recommends that DCMA, in collaboration with DCAA, develop a mechanism to monitor and ensure contractor business system reviews are conducted in a timely fashion. DOD concurred with the recommendation.